File libgcrypt-FIPS-disable-3DES.patch of Package libgcrypt.25788

Index: libgcrypt-1.9.4/cipher/des.c
===================================================================
--- libgcrypt-1.9.4.orig/cipher/des.c
+++ libgcrypt-1.9.4/cipher/des.c
@@ -1498,7 +1498,7 @@ static gcry_cipher_oid_spec_t oids_tripl
 
 gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
   {
-    GCRY_CIPHER_3DES, {0, 1},
+    GCRY_CIPHER_3DES, {0, 0},
     "3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),
     do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt,
     NULL, NULL,
Index: libgcrypt-1.9.4/cipher/mac-cmac.c
===================================================================
--- libgcrypt-1.9.4.orig/cipher/mac-cmac.c
+++ libgcrypt-1.9.4/cipher/mac-cmac.c
@@ -458,7 +458,7 @@ gcry_mac_spec_t _gcry_mac_type_spec_cmac
 #endif
 #if USE_DES
 gcry_mac_spec_t _gcry_mac_type_spec_cmac_tripledes = {
-  GCRY_MAC_CMAC_3DES, {0, 1}, "CMAC_3DES",
+  GCRY_MAC_CMAC_3DES, {0, 0}, "CMAC_3DES",
   &cmac_ops
 };
 #endif
Index: libgcrypt-1.9.4/src/fips.c
===================================================================
--- libgcrypt-1.9.4.orig/src/fips.c
+++ libgcrypt-1.9.4/src/fips.c
@@ -493,6 +493,10 @@ run_cipher_selftests (int extended)
 
   for (idx=0; algos[idx]; idx++)
     {
+      /* Skip non-approved cipher in FIPS mode */
+      if (fips_mode() && algos[idx] == GCRY_CIPHER_3DES)
+        continue;
+
       err = _gcry_cipher_selftest (algos[idx], extended, reporter);
       reporter ("cipher", algos[idx], NULL,
                 err? gpg_strerror (err):NULL);
@@ -558,6 +562,10 @@ run_mac_selftests (int extended)
 
   for (idx=0; algos[idx]; idx++)
     {
+      /* Skip non-approved MAC algorithm in FIPS mode */
+      if (fips_mode() && algos[idx] == GCRY_MAC_CMAC_3DES)
+        continue;
+
       err = _gcry_mac_selftest (algos[idx], extended, reporter);
       reporter ("mac", algos[idx], NULL,
                 err? gpg_strerror (err):NULL);